CVE-2021-29824
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468...
Cross-site Scripting (XSS) - Stored in projectsend/projectsend
💥 BUG Stored XSS during file upload 💥 STEPS TO REPRODUCE Check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/17TkVQxAOuXxSnlaPh4smvbJndcW-JQla/view?usp=sharing 💥 IMPACT A lower level user can make an XSS attack against the admin. So, using this XSS bug, a lower level user can execut...
Cross-site Scripting (XSS) - Stored in polonel/trudesk
💥 BUG Stored XSS bug using file upload against admin. 💥 SUMMARY Here trudesk only allows uploading image files, but this can be bypassed and an attacker can upload an HTML file. As an HTML file can serve any JavaScript code, an attacker can execute any JavaScript code in the victim's trudesk account. 💥 IMPACT low...
Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server
💥 BUG Stored XSS bug against admin. 💥 TESTED VERSION v2021.3.6 💥 IMPACT A lower level user can make an XSS attack against the admin. Using this XSS bug, an attacker can execute arbitrary JavaScript in the victim's account. Thus a lower level user can execute arbitrary JavaScript in the admin's account using this XSS and can...
Automattic: Lazy Load stored XSS
I noticed a problem with the Lazy Load WordPress plugin. It could be exploited by a lower-level user to gain administrator-level access or server compromise. I've discussed this by email with Mohammad Jangda who confirmed the issue. According to my tests, this kind of post content leads to...